Hijack mega problem
I have a problem with the Hijack virus and I can't deal with the rascal. Maybe someone could take a look at this log and tell me what I should remove, because I've already tried almost everything. I've looked through other users' posts but I can't figure out what's going on there. Please help. Regards.
Logfile of HijackThis v1.97.7
Scan saved at 15:02:07, on 2004–08–19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesKerioPersonal Firewallpersfw.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1NORTON~1 avapw32.exe
C:WINDOWSSystem32ctfmon.exe
C:Program FilesSpybot – Search & DestroyTeaTimer.exe
C: otalcmdTOTALCMD.EXE
D:BAKAbookHijackHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://lookfor.cc?pin=29126
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {3A5E4FFC–EA72–40C8–9E03–183569A16569} – (no file)
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:Program FilesSpybot – Search & DestroySDHelper.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O2 – BHO: (no name) – {F3AF6F3A–9272–4823–AB45–167C6D129F0A} – C:WINDOWSSystem32kfkcj.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: PopUpCop – {DB43E4E6–FF8A–4018–8C8E–F68587A44A73} – C:PROGRA~1POPUPCOPPopUpCop.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~1 avapw32.exe
O4 – HKLM..Run: [zSPGuard] c:program filespjwspguardspguard.exe /s
O4 – HKLM..Run: [Reminder for Calendar 1.0] C:Program FilesKalendarz 1.0 beta eminder.exe autodetect
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKCU..Run: [CTFMON.EXE] C:WINDOWSSystem32ctfmon.exe
O4 – HKCU..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot – Search & DestroyTeaTimer.exe
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 – Extra context menu item: &Download with &DAP – C:PROGRA~1DAPdapextie.htm
O8 – Extra context menu item: Dodaj do filtra – C:Program FilesMYIE2config/blacklist.htm
O8 – Extra context menu item: Download &all with DAP – C:PROGRA~1DAPdapextie2.htm
O8 – Extra context menu item: Download with GetRight – C:Program FilesGetRightGRdownload.htm
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O8 – Extra context menu item: Open Image in New Window – res://C:Program FilesPopUpCoppopupcop.dll/imagenew
O8 – Extra context menu item: Open with GetRight Browser – C:Program FilesGetRightGRbrowse.htm
O15 – Trusted Zone: *.05p.com
O15 – Trusted Zone: *.clickspring.net
O15 – Trusted Zone: *.mt–download.com
O15 – Trusted Zone: *.my–internet.info
O15 – Trusted Zone: *.scoobidoo.com
O15 – Trusted Zone: *.searchmiracle.com
O16 – DPF: {10003000–1000–0000–1000–000000000000} –
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
O16 – DPF: {33564D57–0000–0010–8000–00AA00389B71} – http://download.microsoft.com/download/F/6/E/F6E491A6–77E1–4E20–9F5F–94901338C922/wmv9VCM.CAB
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Replies: 1
HiJack is not a virus :wink:.
Above all, you should get rid of sp.html from the Temp folder. You'll find a removal tool on the forum; I've posted it.
Select the entries listed below, FIX them in HiJack, then find the listed files on disk and delete them. It can even be done in safe mode.
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://lookfor.cc?pin=29126
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = file://C:DOCUME~1BogdanUSTAWI~1Tempsp.html
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank
O2 – BHO: (no name) – {3A5E4FFC–EA72–40C8–9E03–183569A16569} – (no file)
O2 – BHO: (no name) – {F3AF6F3A–9272–4823–AB45–167C6D129F0A} – C:WINDOWSSystem32kfkcj.dll
O6 – HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O16 – DPF: {10003000–1000–0000–1000–000000000000} –
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
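An added example, not part of the original thread: a small parser that splits HijackThis log lines into section code and body, then applies three illustrative checks modelled on patterns visible among the entries selected above (an IE registry value pointing at a local file:// page, a BHO with no file on disk, a DPF entry with an empty or local-file source). The checks, function names and sample log are constructed assumptions, not a complete rule set and not the replier's own method.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    code: str   # section code, e.g. R1, O2, O16
    body: str   # everything after the first separator

# Scraped logs often carry an en dash (U+2013) where HijackThis wrote "-".
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+[-\u2013]\s+(.*)$")
DPF_RE = re.compile(r"DPF:\s*\{[^}]*\}\s*(?:\([^)]*\))?\s*[-\u2013]?\s*(.*)$")

# Constructed sample; CLSIDs, paths and hosts are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\Temp\example.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 – BHO: Example Helper – {00000000–0000–0000–0000–000000000002} – C:\Program Files\Example\helper.dll
O16 - DPF: {00000000-0000-0000-0000-000000000003} -
O16 - DPF: {00000000-0000-0000-0000-000000000004} (Example Object) - http://downloads.example.com/obj.cab
O16 - DPF: {00000000-0000-0000-0000-000000000005} - file://C:\Recycled\example.exe
"""

def parse(log):
    """Return Entry tuples for lines with a section code; skip headers and process paths."""
    matches = (LINE_RE.match(line.strip()) for line in log.splitlines())
    return [Entry(m.group(1), m.group(2).strip()) for m in matches if m]

def review_reasons(entry):
    """Illustrative checks only: a hit means 'look closer', not 'malicious'."""
    reasons = []
    if entry.code in ("R0", "R1") and "=" in entry.body:
        value = entry.body.split("=", 1)[1].strip()
        if value.lower().startswith("file://"):
            reasons.append("IE setting points at a local file")
    if entry.code == "O2" and entry.body.endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    dpf = DPF_RE.match(entry.body) if entry.code == "O16" else None
    if dpf:
        source = dpf.group(1).strip()
        if not source:
            reasons.append("DPF entry has no download source")
        elif source.lower().startswith("file://"):
            reasons.append("ActiveX control installed from a local file")
    return reasons

def triage(log):
    """Pair each entry that trips a check with the reasons it was selected."""
    pairs = ((e, review_reasons(e)) for e in parse(log))
    return [(e, r) for e, r in pairs if r]
```
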